Platform: php
Component: cve-md
Fixed in: 1.0.1
CVE-2025-3152 is a cross-site scripting (XSS) vulnerability in ThinkOX version 1.0. The flaw lets an attacker inject script into pages served by the application, potentially compromising user sessions and data. The affected code is reached through the /ThinkOX-master/index.php?s=/Weibo/Index/search.html component (the Weibo search handler). A patch is available in version 1.0.1.
The vulnerability is triggered through the 'keywords' parameter of that search URL: a request whose 'keywords' value carries script content is reflected into the response, and when a user follows such a link or visits a page that loads it, the injected script runs in the user's browser context. This could lead to session hijacking, redirection to phishing sites, or the theft of sensitive information such as cookies and authentication tokens. The impact is amplified if the application processes sensitive data or if the affected users have elevated privileges. Successful exploitation could allow an attacker to impersonate a legitimate user and perform actions on their behalf.
This vulnerability has been publicly disclosed, increasing the risk of exploitation. While the CVSS score is LOW, the ease of exploitation and potential impact on user data warrant immediate attention. No known active campaigns targeting this specific CVE have been reported as of the publication date. The vulnerability is not currently listed on the CISA KEV catalog.
Organizations using ThinkOX version 1.0, particularly those hosting the application on shared infrastructure or with limited security controls, are at increased risk. Users who frequently interact with the search functionality of the application are also more vulnerable.
• php / web:
curl -I 'http://your-thinkox-server.com/ThinkOX-master/index.php?s=/Weibo/Index/search.html&keywords=<script>alert(1)</script>' | grep -i content-type
• php / web: Check access logs for requests to the /ThinkOX-master/index.php?s=/Weibo/Index/search.html endpoint whose 'keywords' parameter contains unusual or percent-encoded content.
• generic web: Monitor user behavior for unexpected redirects or actions originating from the affected ThinkOX application.
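Log-side detection for the second item above, as an added example that is not part of this advisory or of ThinkOX itself: a Python scanner that parses combined-format access log lines, decodes the query string (including double percent-encoding, which a single decode would miss), and flags requests to the search route whose 'keywords' value contains HTML markup. The log lines are constructed samples; the route and parameter names are the ones named in this advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache/nginx "combined" format; only client IP, timestamp and request target are used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markup that has no business in a search term: a tag start ("<" directly followed by a
# letter, "/" or "!"), an inline event handler, or a javascript: URL. A bare "a < b" is allowed.
MARKUP_RE = re.compile(r'</?[a-z!]|[\s"\']on[a-z]+\s*=|javascript\s*:', re.IGNORECASE)

# ThinkPHP-style route from the advisory, passed in the "s" query parameter.
VULNERABLE_ROUTE = '/Weibo/Index/search.html'

def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo percent-encoding repeatedly so double-encoded values are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_search(target: str):
    """Return the decoded 'keywords' value if the request hits the ThinkOX search
    route and that value contains markup; otherwise return None."""
    parts = urlsplit(target)
    if not parts.path.endswith('/index.php'):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)  # already decodes one layer
    routes = [fully_decode(s) for s in qs.get('s', [])]
    if not any(r.startswith(VULNERABLE_ROUTE) for r in routes):
        return None
    for kw in qs.get('keywords', []):
        decoded = fully_decode(kw)
        if MARKUP_RE.search(decoded):
            return decoded
    return None

def scan_log(lines):
    """Return (ip, timestamp, decoded keywords) for every suspicious request in lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        found = suspicious_search(m.group('target'))
        if found is not None:
            hits.append((m.group('ip'), m.group('ts'), found))
    return hits

# Constructed sample log lines: a benign search, a percent-encoded script, the same
# payload double-encoded, a benign "<" with spaces, and markup on an unaffected route.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2025:12:00:01 +0000] "GET /ThinkOX-master/index.php?s=/Weibo/Index/search.html&keywords=hello+world HTTP/1.1" 200 5123',
    '203.0.113.9 - - [10/Apr/2025:12:00:05 +0000] "GET /ThinkOX-master/index.php?s=/Weibo/Index/search.html&keywords=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5311',
    '198.51.100.4 - - [10/Apr/2025:12:00:09 +0000] "GET /ThinkOX-master/index.php?s=/Weibo/Index/search.html&keywords=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 5290',
    '198.51.100.5 - - [10/Apr/2025:12:00:12 +0000] "GET /ThinkOX-master/index.php?s=/Weibo/Index/search.html&keywords=price+%3C+10 HTTP/1.1" 200 4100',
    '198.51.100.6 - - [10/Apr/2025:12:00:15 +0000] "GET /ThinkOX-master/index.php?s=/Weibo/Index/index.html&keywords=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 4000',
]

if __name__ == '__main__':
    for ip, ts, kw in scan_log(SAMPLE_LOG):
        print(f'{ts} {ip} keywords={kw!r}')
```

Run it over a real access log with `scan_log(open('access.log'))`; each hit is a request worth correlating with the affected user's session, not proof that the script executed.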
disclosure
Exploit Status
EPSS
0.14% (35th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-3152 is to upgrade ThinkOX to version 1.0.1, which includes the necessary fix. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the 'keywords' parameter to sanitize user-supplied data. Web application firewalls (WAFs) can also be configured to detect and block malicious requests containing XSS payloads targeting the vulnerable endpoint. Regularly review and update security policies to prevent similar vulnerabilities in the future.
Update ThinkOX to a version later than 1.0, if one exists, that fixes the cross-site scripting (XSS) vulnerability. If no update is available, disabling or removing the Search component is recommended until a fix is published. As a temporary measure, thorough validation and sanitisation of the 'keywords' input can be implemented to prevent the injection of malicious code.
CVE-2025-3152 is a cross-site scripting (XSS) vulnerability in ThinkOX version 1.0, allowing attackers to inject malicious scripts via the 'keywords' parameter in the search functionality.
If you are using ThinkOX version 1.0, you are potentially affected. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade ThinkOX to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the 'keywords' parameter.
While no active campaigns have been confirmed, the vulnerability is publicly disclosed and could be exploited.
Refer to the ThinkOX official website or security advisories for the latest information and updates regarding CVE-2025-3152.